
Driftnet

Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. It is interesting to run it on a host which sees a lot of web traffic.


Recent releases

  •  09 Jul 2002 20:00

    Release Notes: This release fixes problems with building in adjunct-only mode. There are performance enhancements.

  •  26 Jun 2002 15:46

    Release Notes: Images can now be saved by clicking on them. MPEG audio streams may be captured. Driftnet can now operate as an adjunct to another program, and has been integrated with webcollage. Portability fixes and bugfixes were made. A man page was added.

  •  11 Sep 2001 21:40

    Release Notes: Minor bugfixes and feature enhancements.

  •  01 Sep 2001 05:20

    Release Notes: A number of serious bugs in the stream-capture code were fixed, new command line options added, user interface improved, and other minor changes.

  •  20 Jul 2001 15:15

    Release Notes: Various minor problems were fixed.

            Recent comments

            25 Feb 2014 16:40 Taurolyon

            It's a clever idea. It's a simple, yet ingenious method of testing if your web browsing streams are truly in an encrypted tunnel, testing VPN tunnels, etc. Granted, this would be a very quick diagnostic test, and not very thorough, but if you see images on an SSL site or VPN tunnel, likely, something isn't as secure as it should be.

            17 Jun 2010 02:19 darin722

            Fun program. I know there has been some interest in using driftnet on wireless packets via a device in monitor mode. Is there any particular reason this capability has never been added?

            19 Mar 2008 14:42 Arch4Ever

            Re: PNGs?


            > It would appear that Driftnet (in its
            > current version anyway) doesn't support
            > the capture and display of PNG images,

            This is on the todo list (among many other items), but it seems development on this project has ceased. :(

            It would be really cool if someone would continue work on this project.

            18 Sep 2006 00:27 sasquatchian

            PNGs?
            It would appear that Driftnet (in its current version anyway) doesn't support the capture and display of PNG images, either that or something in my build died (I don't think so because everything else is working fine).

            Any chance of a PNG fix? Great software otherwise, scary and cool at the same time :D

            29 Sep 2004 21:06 voidmain2

            Re: Pretty Cool


            > % It would be nice to have an option to
            > % tag the images with the source and
            > % destination IP addresses, yeah I know
            > % that would be a pain.
            >
            > It very deliberately doesn't do this.
            > Feel free to add this yourself,
            > but I won't accept such a patch into the
            > distribution.

            I actually have a need for this as well, but not for the Big Brother reasons you were probably thinking in your quote above. I spent some time trying to hack out just the parts of driftnet that I needed today but it hasn't been quite as easy as I had hoped.

            I am interested in just grabbing the JPEG images off the wire, checking them for the JPEG buffer overflow vulnerability. If they are infected, log the source and destination address, and URL/image name if possible, but that can be obtained via other means. I actually can take a stock driftnet and use the "-a -m 1000 -d /myjpgs" params and pipe the output to a simple little Perl script that will check the JPEG file for the buffer overflow vulnerability and successfully detect infected JPEGs, but it doesn't do me a lot of good without knowing where it came from and where it was going.

            I would like to just get rid of the Perl part and strip out the JPEG grabber from driftnet and check for the vulnerability in memory and only write out the infected files along with the addresses (high utilization circuit). I know if I keep plucking at it I could hack out what I need but if anyone would be interested in helping I could use it.

            You can find the simple details on how to check for the overflow here:

            http://www.easynews.com/virus.html

            If anyone is interested in helping create a tool for this using driftnet (or something more appropriate) let me know. Here's a good place to post:

            http://voidmain.is-a-geek.net/forums/

            I know this wasn't the intended purpose for driftnet but it has most of the parts needed for this needed security app.

            Thanks!
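
The pipeline described in the comment above, as an added example that is not part of voidmain2's post or of driftnet: a Python scanner that reads the file names driftnet prints in adjunct mode ("-a") and walks each JPEG's segments, flagging any whose length field is below 2. That this malformed-length condition is the check the linked page describes is an assumption; the function name and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))


def find_bad_segments(data: bytes):
    """Return [(offset, marker, length)] for segments whose length is < 2.

    The 16-bit segment length counts its own two bytes, so 0 and 1 are
    never valid. Assumption: this is the condition the comment's check tests.
    """
    findings = []
    if data[:2] != b"\xff\xd8":        # no SOI marker: not a JPEG
        return findings
    i = 2
    while i + 1 < len(data) and data[i] == 0xFF:
        marker = data[i + 1]
        if marker == 0xFF:             # fill byte before a marker
            i += 1
        elif marker == 0xD9:           # EOI: end of image
            break
        elif marker in STANDALONE:
            i += 2
        elif i + 4 > len(data):        # truncated segment header
            break
        else:
            (length,) = struct.unpack(">H", data[i + 2:i + 4])
            if length < 2:
                findings.append((i, marker, length))
                break                  # cannot walk past a bogus length
            if marker == 0xDA:         # SOS: entropy-coded data follows
                break
            i += 2 + length
    return findings


# Constructed samples (not captured traffic).
GOOD = b"\xff\xd8" + b"\xff\xfe\x00\x04hi" + b"\xff\xd9"
BAD = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
       + b"\xff\xfe\x00\x00" + b"\xff\xd9")

if __name__ == "__main__":
    # Read one file name per line, as driftnet's adjunct mode prints them.
    for line in sys.stdin:
        with open(line.strip(), "rb") as fh:
            for off, marker, length in find_bad_segments(fh.read()):
                print(f"{line.strip()}: marker 0xFF{marker:02X} at {off} has length {length}")
```

The scanner stops at the first bogus length or at the start-of-scan marker, so it inspects header segments only and does not report the source or destination address the comment asks for.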
